Top news in 60 seconds from NakedSecurity posted March 2015
A nice recap of the week in 60seconds thanks to Naked Security
comment on this storyQuick access to articles on this page:
- - March 2015 - Top news in 60 seconds from NakedSecurity
- - March 2015 - Starfighter
- - March 2015 - Pretty diagrams with Tikz in LaTeX
- - March 2015 - Cryptography Services will audit OpenSSL
- - March 2015 - GPS tracking device in real life!
- - March 2015 - Funny matasano job post
- - March 2015 - Freak Attack
- - March 2015 - How to memorise a 20 item (and upto 1000 item) grocery list.
more on the next page...
Starfighter posted March 2015
Thomas Ptacek had left Matasano, 2 years after selling to NCC, and I spotted him talking about a new "hiring" kind of company on hackernews... Well today they announced what is going to be a new kind of hiring process. After the revolution of education with Coursera and other MOOC (Massive Open Online Courses), now comes the revolution of hiring. It's called Starfighter and it will be live soon.
comment on this storyPretty diagrams with Tikz in LaTeX posted March 2015
Because studying Cryptography is also about using LaTeX, it's nice to spend a bit of time understanding how to make pretty documents. Because, you know, it's nicer to read.
Here's an awesome quick introduction of Tikz that allows to make beautiful diagram with great precision in a short time:
And I'm bookmarking one more that seems go way further.
comment on this storyCryptography Services will audit OpenSSL posted March 2015
It looks like Cryptography Services, the group I will be interning at, is going to conduct a public audit of OpenSSL.
By the way, if you missed it, they are currently auditing TrueCrypt.
This all sounds very exciting =)
EDIT: and here's the official statement
comment on this storyGPS tracking device in real life! posted March 2015
I've only seen that in movies. Not that it couldn't exist, it's just "fun" to see that happen in real life as well.
The story is here. It's about someone's car which got "bugged". It was discovered while X was at the Circumvention Tech Festival in Valencia, Spain.
more pictures there
comment on this storyFunny matasano job post posted March 2015
I stumbled on this funny job post from jeff jarmoc:
This thread will, no doubt, be dominated by posts with laundry lists of requirements. Many employers will introduce themselves by describing what they want from you. At Matasano, we're a little different. We like to start by telling you about us. This month, I want to try to do that by drawing analogy to Mission Impossible.
What made the original show so great is exactly what was lost in the 'Tom Cruise takes on the world' reboot. The original 1960's and 70's Mission Impossible was defined primarily by a team working together against all odds to achieve their objective. It acknowledged that what they were doing was improbable, and more so for a solo James Bond or Tom Cruise character. As a team though, each character an expert in their particular focus area, the incredible became credible -- the impossible, possible.
the rest is here: https://news.ycombinator.com/item?id=9127813
comment on this storyFreak Attack posted March 2015
If you're up to date on crypto news you will tell me I'm slow. But here it is, my favorite explanation of the recent Freak Attack is the one from Matthew Green here
TLS uses a cipher suite during the handshake so that old machines can still chat with new machines that use new protocols. In this list of ciphers there is one called "export suite" that is a 512bits RSA public key. It was made by the government back then to spy on foreigners since 512bits is "easy" to factor. The vulnerability comes from the fact that you can still ask a server to use that 512bits public key (even though it should have been removed a long time ago). This allows you to make a man in the middle attack where you don't have to possess a spoofed certificate. You can just change the cipher request of the client during the handshake so that he would ask for that 512bits key. 36% of the servers out there would accept that and reply with such a key. From here if we are in the middle we can just factor the key and use that to generate our own private key and see all the following exchange in clear.
comment on this storyHow to memorise a 20 item (and upto 1000 item) grocery list. posted March 2015
someone asked on Quora: What can I learn/know right now in 10 minutes that will be useful for the rest of my life?
And someone delivered! It's called the peg method, and it allows you to remember words in the long term really quickly. I knew about other techniques like creating a story where each words is like a double linked list of event or using each words as obstacles in a mental path. But this one seems way more useful and practical. But contrary to the other techniques, you have to memorize a few things before being able to use it:
I know it's not cryptography :) but from the header:
This is my blog about cryptography and security and other related topics that I find interesting.
Thanks @Loïs!
comment on this story